Personally identifiable information (PII) may be collected by a variety of organizations, including healthcare organizations, governmental organizations, financial entities (e.g., credit card companies, banks, etc.), credit bureaus, educational institutions, and other organizations. PII includes information that can be used to uniquely identify an individual and may include, but is not limited to, the individual's full name, date of birth, social security number, bank or credit card numbers, passwords, addresses, phone numbers, and the like. Such data is increasingly maintained in electronic form, making it easier for such data to become compromised, such as through a hacking event, inadvertent disclosure, or other data breach incidents. Compromised PII data may be used for identify theft and for other nefarious purposes.
In addition to data breach events, PII can be compromised through “phishing”, which refers to a process of masquerading as a trustworthy entity in an electronic communication. An example of phishing may include a fraudulent email that appears to be from a valid source, such as, for example, a national bank or a credit card company. The fraudulent email may incorporate a uniform resource locator (URL) that re-directs the user to a fraudulent website that masquerades as a legitimate website for the real company. However, the fraudulent website may be designed to steal PII via a false transaction. For example, the fraudulent website may request “confirmation” of PII, such as, for example, a credit card number or a username and password. The “confirmed” PII may then be stored for later improper use.
Once collected, PII data may be sold on a black market through various web sites and illicit data sources. Such web sites and data sources may not be registered with standard search engines, making them difficult to find through traditional web searches. Such web sites and data sources may be part of the “dark” web, which can be represented by a large number of web servers that do not permit search engine indexing and which host information for those who know where to look.